icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Snare for Windows < 3.1.8 Web Interface Cross-Site Request Forgery

Medium

Synopsis

The remote host is vulnerable to a cross-site request forgery attack.

Description

The remote host is running Snare for Windows, a central logging application with the web interface enabled.

Versions of Snare for Windows earlier than 3.1.8 are potentially affected by a cross-site request forgery vulnerability in the web administration interface. An attacker, exploiting this flaw, could execute arbitrary script code in a user's browser.

Solution

Upgrade to Snare for Windows 3.1.8 or later.